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DETAILED ACTION 

Claims 1-2, 4-11, 13-17 have been examined and are pending. 

Continued Examination Under 37 CFR 1,114 

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
07/23/2007 has been entered. 

Response to Arguments 

As regards to claims 1-2, 4-1 1 , 13-17, the Applicant argues that the Brown patent 
of US Patent No. 5,668,875 (issued Sep. 16, 1997) disqualifies the current rejection 
under 103 (c)(1). 

The Examiner responses that: 

35 U.S.C § 103(c)(1) states "Subject matter developed by another person, which 
qualifies as prior art only under one or more of subsections (e), (f), and (g) of section 
102 of this title, shall not preclude patentability under this section where the subject 
matter and the claimed invention were, at the time the claimed invention was made, 
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owned by the same person or subject to an obligation of assignment to the same 
person" (See MPEP 2146). 

The Brown rejection (US Patent 5,668,875) qualifies under 102(b) reference. The 
Brown reference as a 102 (b) reference and was published more than 1 year prior to the 
filing of the instant applicant. Since The Brown does not qualify as a 102 (e), (f), and 
(g). The Applicant cannot invoke 103 (c)(1) to overcome the current rejection. 
Therefore, the rejection under 35 U.S.C § 103(a) is proper and maintained. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-2, 4-11, and 13 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Malinen et al. (Publication Number: US 2003/0028763 A1) and 
Brown et al. (US Patent 5,668,875) in view of Blom (US 2003/0233546 A1). 

Claim 1 

Malinen teaches a method of authenticating an electronic device, the electronic device 
having device specific identifying data stored therein, the method comprising: 

obtaining one of the challenge response pairs associated with the electronic 
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device [par. [0083], lines 7-12; par. [0011], lines 1-3; "an authentication gateway 115 
maintains an authentication session and is able to query the RAND (i.e. challenge) and 
SRES (i.e. system response) for a received International Mobile Subscriber Identifier 
(I MSI) from a local authorization database. An identity associated with a client is 
equivalent to the device specific"]; 

communicating a challenge portion of the challenge response pair to the 
electronic device [par. [0011], lines 1-5; the challenge is sent to the client]. 

receiving from the electronic device a response to the challenge portion, wherein 
the response being based upon the device specific identifying information [par. [0011], 
lines 5-6; a client generates a response that is sent back to the authorizer]. 

comparing the response to a response portion of the challenge response pair 
[par. [0011], lines 6-7; an authorizer compares the challenge to the response]; and 

authenticating the user if the response matches [par. [0011], lines 8-9; If the 
response is correct, the authorizer provides a service to the client]. 
Malinen does not teach a method of plurality of random challenges to the electronic 
device and receiving a plurality of responses from the electronic device. 

Brown teaches a method of issuing a plurality of random challenges to the 
electronic device and receiving a plurality of responses from the electronic device, 
wherein each random challenge and corresponding response represents a challenge 
response pair which is unique and based upon specific identifying data of the electronic 
device [col. 4, line 66 to col. 5 line 3; col. 11, lines 14-17; a RAND generator 136 is used 
for generating the challenges in communication with the subscribe unit 110. Once the 
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responses are received at VLR, the MSI, location, service request and RAND/RESP V 
pairs are forward to home system and home location register or other authenticating 
center for the user identity unit"]; 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to modify the method of Malinen by including the step of 
Brown because it would allow a subscriber and its associated home system 
authentication protocol, and a roamed system uses a corresponding local authentication 
protocol [Blom, par. [001], lines 3-7]. 
Claim 2 

Malinen also teaches the method of claim 1 , wherein the step of obtaining one of the 
challenge response pairs comprises obtaining from a database store of challenge 
response pairs the challenge response pair [par. [0083], lines 7-12; an authentication 
gateway 115 maintains an authentication session and is able to query the RAND (i.e. 
challenge) and SRES (i.e. response) for a received International Mobile Subscriber 
Identifier (IMSI) from a local authorization database. The local database can be used to 
store more than one challenge response pair]. 
Claim 4 

Blom further teaches the method of claim 1 , wherein the step of obtaining a challenge 
response pair comprises obtaining a challenge response pair from a challenge 
response pair broker [par. [0059], lines 11-14; a broker acting as a general 
authentication center or service provider]. 
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Claim 5 

Malinen further teaches the method of claim 1 , wherein the device specific identifying 

data comprises data stored on a subscriber identity module (SIM) card associated with 

the electronic device, or computed by the SIM card upon demand 

[par. [0074], lines 1 1-13. A SIM card provides a session key for the mobile node, and a 

response is sent back to an authorizerj. 

Claim 6 

Malinen further teaches the method of claim 1 , comprising the step of discarding the 
challenge response pair after use [par. [0194]; a router advertisement contains a 
"challenge", which is essentially a random number used as a nonce]. 
Claim 7 

Malinen further teaches the method of claim 1 , wherein the step of obtaining a 
challenge response pair comprises obtaining via a secure communication interface the 
challenge response pair [par. [0073]; par. [0074]; a client can use its own generated 
instance of the session key for secure communication with access provider. It is 
included to obtain a challenge response pair]. 
Claim 8 

Claim 8 is essentially the same as claim 1 except that it sets forth the claimed invention 
as a system further comprising a memory for storing the challenge response pair [see 
Malinen, par. [0083], lines 7-12; a memory is equivalent to a database] rather a method 
and rejected under the same reasons as applied above. 
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Claim 9 

Malinen further teaches the system of claim 8, wherein the device specific identifying 
data comprises subscribed identity module (SIM) card data from a SIM card within the 
electronic device [par. [0074], lines 10-13]. 
Claim 10 

Malinen further teaches the system of claim 9, wherein the user comprises a service 
provider having a need to authenticate the electronic device [par. [0074], lines 10-13]. 
Claim 11 

Malinen further the system of claim 10, wherein the agent for interrogating and the 
agent for providing are associated with the service provider [par. [007], lines 2-4]. 
Claim 13 

Blom further teaches the system of claim 8, wherein the agent for providing the 
challenge response pair comprises a challenge response pair broker [par. [0059], lines 
11-14; a broker acting as a general authentication center or service provider]. 

« 

Claims 14-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Malinen etal. (Publication Number: US 2003/0028763 A1) and Brown et al. (US 
Patent 5,668,875) in view of Ekberg (International Publication Number: WO 
00/02406) and further in view of Blom (US 2003/0233546 A1). 
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Claim 14 

Malinen teaches a method of providing an authentication service comprising the steps 
of: 

providing responsive to a request for an authentication service a challenge 
response pair to a service provider for authenticating the electronic device by 
communicating a challenge portion of the challenge response pair to the electronic 
device [par. [0011], lines 1-5; the challenge is sent to the client], receiving from the 
electronic device a response to the challenge portion [par. [001 1], lines 5-6; a client 
generates a response that is sent back to the authorizer], wherein the response being 
based upon the device specific identifying information, comparing the response from the 
electronic device to a response portion of the challenge response pair [par. [0011], lines 
6-7; an authorizer compares the challenge to the response]; and authenticating the user 
if the response matches [par. [0011], lines 8-9; If the response is correct, the authorizer 
provides a service to the client]. 

Malinen does not teach a method of obtaining from an electronic device a plurality of 
challenge response pairs through issuance of a plurality of random challenges to the 
electronic device and receiving a plurality of responses from the electronic device. 

Brown teaches a method of obtaining from an electronic device a plurality of 
challenge response pairs through issuance of a plurality of random challenges to the 
electronic device and receiving a plurality of responses from the electronic device, 
wherein each random challenge and corresponding response represents a challenge 
response pair which is unique and based upon the challenge and device specific 
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identifying data associated with the electronic device [col. 4, line 66 to col.5 line 3; col. 
11, lines 14-17; a RAND generator 136 is used for generating the challenges in 
communication with the subscribe unit 110. Once the responses are received at VLR, 
the MSI, location, service request and RAND/RESP V pairs are forward to home system 
and home location register or other authenticating center for the user identity unit"]; 
Malinen and Brown do not teach for storing the challenge response pairs. 

Ekberg teaches a method of storing the challenge response pairs [abstract, lines 
15-13; pg. 14, lines 27-37; pg. 15 lines 1-9; a subscriber-specific information is stored in 
a database (DB) in advance. A subscriber's authentication is contained at least a 
challenge and a response]; 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to combine the method of Malinen, Ekberg, and Brown by 
including the motivation of Blom because it would allow a subscriber and its associated 
home system authentication protocol, and a roamed system uses a corresponding local 
authentication protocol [Blom, par. [001], lines 3-7] 
Claim 15 

Malinen further teaches the method of claim 14, wherein the step of obtaining from an 
electronic device a plurality of challenge response pairs comprises generating from a 
subscribed identify module (SIM) card a plurality of challenge response pairs and 
providing the SIM card to a user of the electronic device [par. [0088], lines 2-3; a set of 
n SIM challenges, responses, and session keys may be used to create a key] 
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Claim 16 

Blom further teaches the method of claim 14, wherein the step of providing response to 
a request for an authentication service a challenge response pair comprises vending the 
challenge response pair [par. [0024], lines 21-25; a service provider is equivalent to a 
vendor]. 
Claim 17 

Malinen further teaches the method of claim 14, wherein the step of providing response 
to a request for an authentication service a challenge response pair comprises securely 
communicating the challenge response pair to the service provider [par. [0073]; par. 
[0074]; a client can use its own generated instance of the session key for secure 
communication with access provider. It is included to obtain a challenge response pair]. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-2, 4-11, and 13 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Malinen et al. (Publication Number: US 2003/0028763 A1) and 
Marcovici et al. (US 2005/0113067 A1) in view of Blom (US 2003/0233546 A1). 



Application/Control Number: 1 0/749,820 Page 1 1 

Art Unit: 2139 

Claim 1 

Malinen teaches a method of authenticating an electronic device, the electronic device 
having device specific identifying data stored therein, the method comprising: 

obtaining one of the challenge response pairs associated with the electronic 
device [par. [0083], lines 7-12; par. [0011], lines 1-3; "an authentication gateway 115 
maintains an authentication session and is able to query the RAND (i.e. challenge) and 
SRES (i.e. system response) for a received International Mobile Subscriber Identifier 
(IMSI) from a local authorization database. An identity associated with a client is 
equivalent to the device specific"]; 

communicating a challenge portion of the challenge response pair to the 
electronic device [par. [0011], lines 1-5; the challenge is sent to the client]. 

receiving from the electronic device a response to the challenge portion, wherein 
the response being based upon the device specific identifying information [par. [0011], 
lines 5-6; a client generates a response that is sent back to the authorizer]. 

comparing the response to a response portion of the challenge response pair 
[par. [0011], lines 6-7; an authorizer compares the challenge to the response]; and 

authenticating the user if the response matches [par. [0011], lines 8-9; If the 
response is correct, the authorizer provides a service to the client]. 

Malinen does not teach a method of plurality of random challenges to the 
electronic device and receiving a plurality of responses from the electronic device. 

However, Marcovici teaches a method of issuing a plurality of random challenges 
to the electronic device and receiving a plurality of responses from the electronic 
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device, wherein each random challenge and corresponding response represents a 
challenge response pair which is unique and based upon specific identifying data of the 
electronic device [par. [0036], lines 12-16; "The act of authenticating may include 
transmitting one or more random challenges and receiving one or more responses 
associated with the random challenges, where the response(s) may be determined 
based on applying the WKEY to the random challenge(s)"; par. [0041]; lines 1-10; par. 
0041; lines 1-2]; 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to modify the method of Malinen by including the step of 
Marcovici because it would allow a subscriber and its associated home system 
authentication protocol, and a roamed system uses a corresponding local 
authentication protocol [Blom, par. [001], lines 3-7]. 
Claim 2 

Malinen also teaches the method of claim 1, wherein the step of obtaining one of the 
challenge response pairs comprises obtaining from a database store of challenge 
response pairs the challenge response pair [par. [0083], lines 7-12; an authentication 
gateway 115 maintains an authentication session and is able to query the RAND (i.e. 
challenge) and SRES (i.e. response) for a received International Mobile Subscriber 
Identifier (IMSI) from a local authorization database. The local database can be used to 
store more than one challenge response pair]. 
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Claim 4 

Blom further teaches the method of claim 1 , wherein the step of obtaining a challenge 
response pair comprises obtaining a challenge response pair from a challenge 
response pair broker [par. [0059], lines 11-14; a broker acting as a general 
authentication center or service provider]. 
Claim 5 

Malinen further teaches the method of claim 1 , wherein the device specific identifying 

data comprises data stored on a subscriber identity module (SIM) card associated with 

the electronic device, or computed by the SIM card upon demand 

[par. [0074], lines 11-13. A SIM card provides a session key for the mobile node, and a 

response is sent back to an authorizer]. 

Claim 6 

Malinen further teaches the method of claim 1 , comprising the step of discarding the 
challenge response pair after use [par. [0194]; a router advertisement contains a 
"challenge", which is essentially a random number used as a nonce]. 
Claim 7 

Malinen further teaches the method of claim 1 , wherein the step of obtaining a 
challenge response pair comprises obtaining via a secure communication interface the 
challenge response pair [par. [0073]; par. [0074]; a client can use its own generated 
instance of the session key for secure communication with access provider. It is 
included to obtain a challenge response pair]. 
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Claim 8 

Claim 8 is essentially the same as claim 1 except that it sets forth the claimed invention 
as a system further comprising a memory for storing the challenge response pair [see 
Malinen, par. [0083], lines 7-12; a memory is equivalent to a database] rather a method 
and rejected under the same reasons as applied above. 
Claim 9 

Malinen further teaches the system of claim 8, wherein the device specific identifying 
data comprises subscribed identity module (SIM) card data from a SIM card within the 
electronic device [par. [0074], lines 10-13]. 
Claim 10 

Malinen further teaches the system of claim 9, wherein the user comprises a service 
provider having a need to authenticate the electronic device [par. [0074], lines 10-13]. 
Claim 11 

Malinen further the system of claim 10, wherein the agent for interrogating and the 
agent for providing are associated with the service provider [par. [007], lines 2-4] 
Claim 13 

Blom further teaches the system of claim 8, wherein the agent for providing the 
challenge response pair comprises a challenge response pair broker [par. [0059], lines 
1 1-14; a broker acting as a general authentication center or service provider]. 



Claims 14-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Malinen et al. (Publication Number: US 2003/0028763 A1) and Marcovici et al. (US 
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2005/0113067 A1) in view of Ekberg (International Publication Number: WO 
00/02406) and further in view of Blom (US 2003/0233546 A1). 

Claim 14 

Malinen teaches a method of providing an authentication service comprising the steps 
of: 

providing responsive to a request for an authentication service a challenge 
response pair to a service provider for authenticating the electronic device by 
communicating a challenge portion of the challenge response pair to the electronic 
device [par. [0011 J, lines 1-5; the challenge is sent to the client], receiving from the 
electronic device a response to the challenge portion [par. [0011], lines 5-6; a client 
generates a response that is sent back to the authorizer], wherein the response being 
based upon the device specific identifying information, comparing the response from the 
electronic device to a response portion of the challenge response pair [par. [0011], lines 
6-7; an authorizer compares the challenge to the response]; and authenticating the user 
if the response matches [par. [0011], lines 8-9; If the response is correct, the authorizer 
provides a service to the client]. 

Malinen does not teach a method of obtaining from an electronic device a plurality of 
challenge response pairs through issuance of a plurality of random challenges to the 
electronic device and receiving a plurality of responses from the electronic device. 

Marcovici teaches a method of obtaining from an electronic device a plurality of 
challenge response pairs through issuance of a plurality of random challenges to the 



Application/Control Number: 10/749,820 Page 16 

Art Unit: 2139 

electronic device and receiving a plurality of responses from the electronic device, 
wherein each random challenge and corresponding response represents a challenge 
response pair which is unique and based upon the challenge and device specific 
identifying data associated with the electronic device [par. [0036], lines 12-16; "The act 
of authenticating may include transmitting one or more random challenges and 
receiving one or more responses associated with the random challenges, where the 
response(s) may be determined based on applying the WKEY to the random 
challenge(s)"; par. [0041]; lines 1-10; par. 0041; lines 1-12]; 

Malinen and Marcovici do not explicitly teach for storing the challenge response pairs. 

However, Ekberg teaches a method of storing the challenge response pairs 
[abstract, lines 15-13; pg. 14, lines 27-37; pg. 15 lines 1-9; a subscriber-specific 
information is stored in a database (DB) in advance. A subscriber's authentication is 
contained at least a challenge and a response]; 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to combine the method of Malinen, Ekberg, and Marcovici 
by including the motivation of Blom because it would allow a subscriber and its 
associated home system authentication protocol, and a roamed system uses a 
corresponding local authentication protocol [Blom, par. [001], lines 3-7]. 
Claim 15 

Malinen further teaches the method of claim 14, wherein the step of obtaining from an 
electronic device a plurality of challenge response pairs comprises generating from a 
subscribed identify module (SIM) card a plurality of challenge response pairs and 
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providing the SIM card to a user of the electronic device [par. [0088], lines 2-3; a set of 
n SIM challenges, responses, and session keys may be used to create a key]. 
Claim 16 

Blom further teaches the method of claim 14, wherein the step of providing response to 
a request for an authentication service a challenge response pair comprises vending the 
challenge response pair [par. [0024], lines 21-25; a service provider is equivalent to a 
vendor]. 
Claim 17 

Malinen further teaches the method of claim 14, wherein the step of providing response 
to a request for an authentication service a challenge response pair comprises securely 
communicating the challenge response pair to the service provider [par. [0073]; par. 
[0074]; a client can use its own generated instance of the session key for secure 
communication with access provider. It is included to obtain a challenge response pair]. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Canh Le whose telephone number is 571-270-1380. 
The examiner can normally be reached on Monday to Friday 7:30AM to 5:00PM other 
Friday off. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Canh Le 
August 16, 2007 
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